Message ID | 2280175bfbb0f010c0c6d3b850aba9c8ff8d9c2b.1623420545.git.lorenzo.bianconi@redhat.com |
---|---|
State | Not Applicable |
Headers | show |
Series | Introduce check_pkt_larger for ingress traffic | expand |
On Fri, Jun 11, 2021 at 10:32 AM Lorenzo Bianconi <lorenzo.bianconi@redhat.com> wrote: > > As it is already done for distributed gw router scenario, introduce > check_pkt_larger logical flows for gw router use case. > > Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com> Hi Lorenzo, Thanks for the patches. You forgot to put the "ovn" tag in the subject line and the patches never reached the ovn patchwork :). You've missed updating the documentation. I updated your patch with the ddlog implementation here https://github.com/numansiddique/ovn/commits/lorenzo_cpl. Please update your patch with the ddlog changes. I've few comments in patch 3. Thanks Numan > --- > northd/ovn-northd.c | 31 +++++++++++++++++++++--------- > tests/ovn.at | 47 +++++++++++++++++++++++++++++++++++++++++++++ > 2 files changed, 69 insertions(+), 9 deletions(-) > > diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c > index 512ec4a32..23367dbb0 100644 > --- a/northd/ovn-northd.c > +++ b/northd/ovn-northd.c > @@ -10534,17 +10534,30 @@ build_check_pkt_len_flows_for_lrouter( > struct hmap *ports, > struct ds *match, struct ds *actions) > { > - if (od->nbr) { > + if (!od->nbr) { > + return; > + } > > - /* Packets are allowed by default. */ > - ovn_lflow_add(lflows, od, S_ROUTER_IN_CHK_PKT_LEN, 0, "1", > - "next;"); > - ovn_lflow_add(lflows, od, S_ROUTER_IN_LARGER_PKTS, 0, "1", > - "next;"); > + /* Packets are allowed by default. */ > + ovn_lflow_add(lflows, od, S_ROUTER_IN_CHK_PKT_LEN, 0, "1", > + "next;"); > + ovn_lflow_add(lflows, od, S_ROUTER_IN_LARGER_PKTS, 0, "1", > + "next;"); > > - if (od->l3dgw_port && od->l3redirect_port) { > - build_check_pkt_len_flows_for_lrp(od->l3dgw_port, lflows, > - ports, match, actions); > + if (od->l3dgw_port && od->l3redirect_port) { > + /* gw router port */ > + build_check_pkt_len_flows_for_lrp(od->l3dgw_port, lflows, > + ports, match, actions); > + } else if (smap_get(&od->nbr->options, "chassis")) { > + for (size_t i = 0; i < od->nbr->n_ports; i++) { > + /* gw router */ > + struct ovn_port *rp = ovn_port_find(ports, > + od->nbr->ports[i]->name); > + if (!rp) { > + continue; > + } > + build_check_pkt_len_flows_for_lrp(rp, lflows, ports, match, > + actions); > } > } > } > diff --git a/tests/ovn.at b/tests/ovn.at > index 11a85c457..5c3ed2633 100644 > --- a/tests/ovn.at > +++ b/tests/ovn.at > @@ -16408,6 +16408,53 @@ for mtu in 100 500 118; do > test_ip6_packet_larger $mtu > done > > +ovn-nbctl lsp-del sw0-lr0 > + > +ovn-nbctl lr-del lr0 > +ovn-nbctl create Logical_Router name=lr1 options:chassis="hv1" > +ovn-nbctl lrp-add lr1 lr1-sw0 00:00:00:00:ff:01 10.0.0.1/24 1000::1/64 > +ovn-nbctl lsp-add sw0 sw0-lr1 > +ovn-nbctl lsp-set-type sw0-lr1 router > +ovn-nbctl lsp-set-addresses sw0-lr1 router > +ovn-nbctl lsp-set-options sw0-lr1 router-port=lr1-sw0 > + > +ovn-nbctl lrp-add lr1 lr1-public 00:00:20:20:12:13 172.168.0.100/24 2000::1/64 > +ovn-nbctl lsp-del public-lr0 > +ovn-nbctl lsp-add public public-lr1 > +ovn-nbctl lsp-set-type public-lr1 router > +ovn-nbctl lsp-set-addresses public-lr1 router > +ovn-nbctl lsp-set-options public-lr1 router-port=lr1-public > + > +ovn-nbctl lr-nat-add lr1 snat 172.168.0.100 10.0.0.0/24 > +ovn-nbctl lr-nat-add lr1 snat 2000::1 1000::/64 > + > +dp_uuid=$(ovn-sbctl find datapath_binding | grep sw0 -B2 | grep _uuid | \ > +awk '{print $3}') > +ovn-sbctl create MAC_Binding ip=172.168.0.3 datapath=$dp_uuid \ > +logical_port=lr1-public mac="00\:00\:00\:12\:af\:11" > + > +# Try different gateway mtus and send a 142-byte packet (corresponding > +# to a 124-byte MTU). If the MTU is less than 124, ovn-controller > +# should send icmp host not reachable with pmtu set to $mtu. > +for mtu in 100 500 118; do > + AS_BOX([testing gw mtu $mtu]) > + check ovn-nbctl --wait=hv set logical_router_port lr1-public options:gateway_mtu=$mtu > + ovn-sbctl dump-flows > sbflows-gw-$mtu > + AT_CAPTURE_FILE([sbflows-gw-$mtu]) > + > + OVS_WAIT_FOR_OUTPUT([ > + as hv1 ovs-ofctl dump-flows br-int > br-int-gw-flows-$mtu > + AT_CAPTURE_FILE([br-int-gw-flows-$mtu]) > + grep "check_pkt_larger($(expr $mtu + 18))" br-int-gw-flows-$mtu | wc -l], [0], [1 > +]) > + > + AS_BOX([testing gw mtu $mtu - IPv4]) > + test_ip_packet_larger $mtu > + > + AS_BOX([testing gw mtu $mtu - IPv6]) > + test_ip6_packet_larger $mtu > +done > + > OVN_CLEANUP([hv1]) > AT_CLEANUP > ]) > -- > 2.31.1 > > _______________________________________________ > dev mailing list > dev@openvswitch.org > https://mail.openvswitch.org/mailman/listinfo/ovs-dev >
> On Fri, Jun 11, 2021 at 10:32 AM Lorenzo Bianconi > <lorenzo.bianconi@redhat.com> wrote: > > > > As it is already done for distributed gw router scenario, introduce > > check_pkt_larger logical flows for gw router use case. > > > > Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com> > > Hi Lorenzo, > > Thanks for the patches. You forgot to put the "ovn" tag in the > subject line and the patches never reached the ovn patchwork :). > > You've missed updating the documentation. > > I updated your patch with the ddlog implementation here > https://github.com/numansiddique/ovn/commits/lorenzo_cpl. > Please update your patch with the ddlog changes. > > I've few comments in patch 3. Hi Numan, thx a lot for DDlog part, I will merge it. I will fix patch 3/3 and repost it. Regards, Lorenzo > > Thanks > Numan > > > --- > > northd/ovn-northd.c | 31 +++++++++++++++++++++--------- > > tests/ovn.at | 47 +++++++++++++++++++++++++++++++++++++++++++++ > > 2 files changed, 69 insertions(+), 9 deletions(-) > > > > diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c > > index 512ec4a32..23367dbb0 100644 > > --- a/northd/ovn-northd.c > > +++ b/northd/ovn-northd.c > > @@ -10534,17 +10534,30 @@ build_check_pkt_len_flows_for_lrouter( > > struct hmap *ports, > > struct ds *match, struct ds *actions) > > { > > - if (od->nbr) { > > + if (!od->nbr) { > > + return; > > + } > > > > - /* Packets are allowed by default. */ > > - ovn_lflow_add(lflows, od, S_ROUTER_IN_CHK_PKT_LEN, 0, "1", > > - "next;"); > > - ovn_lflow_add(lflows, od, S_ROUTER_IN_LARGER_PKTS, 0, "1", > > - "next;"); > > + /* Packets are allowed by default. */ > > + ovn_lflow_add(lflows, od, S_ROUTER_IN_CHK_PKT_LEN, 0, "1", > > + "next;"); > > + ovn_lflow_add(lflows, od, S_ROUTER_IN_LARGER_PKTS, 0, "1", > > + "next;"); > > > > - if (od->l3dgw_port && od->l3redirect_port) { > > - build_check_pkt_len_flows_for_lrp(od->l3dgw_port, lflows, > > - ports, match, actions); > > + if (od->l3dgw_port && od->l3redirect_port) { > > + /* gw router port */ > > + build_check_pkt_len_flows_for_lrp(od->l3dgw_port, lflows, > > + ports, match, actions); > > + } else if (smap_get(&od->nbr->options, "chassis")) { > > + for (size_t i = 0; i < od->nbr->n_ports; i++) { > > + /* gw router */ > > + struct ovn_port *rp = ovn_port_find(ports, > > + od->nbr->ports[i]->name); > > + if (!rp) { > > + continue; > > + } > > + build_check_pkt_len_flows_for_lrp(rp, lflows, ports, match, > > + actions); > > } > > } > > } > > diff --git a/tests/ovn.at b/tests/ovn.at > > index 11a85c457..5c3ed2633 100644 > > --- a/tests/ovn.at > > +++ b/tests/ovn.at > > @@ -16408,6 +16408,53 @@ for mtu in 100 500 118; do > > test_ip6_packet_larger $mtu > > done > > > > +ovn-nbctl lsp-del sw0-lr0 > > + > > +ovn-nbctl lr-del lr0 > > +ovn-nbctl create Logical_Router name=lr1 options:chassis="hv1" > > +ovn-nbctl lrp-add lr1 lr1-sw0 00:00:00:00:ff:01 10.0.0.1/24 1000::1/64 > > +ovn-nbctl lsp-add sw0 sw0-lr1 > > +ovn-nbctl lsp-set-type sw0-lr1 router > > +ovn-nbctl lsp-set-addresses sw0-lr1 router > > +ovn-nbctl lsp-set-options sw0-lr1 router-port=lr1-sw0 > > + > > +ovn-nbctl lrp-add lr1 lr1-public 00:00:20:20:12:13 172.168.0.100/24 2000::1/64 > > +ovn-nbctl lsp-del public-lr0 > > +ovn-nbctl lsp-add public public-lr1 > > +ovn-nbctl lsp-set-type public-lr1 router > > +ovn-nbctl lsp-set-addresses public-lr1 router > > +ovn-nbctl lsp-set-options public-lr1 router-port=lr1-public > > + > > +ovn-nbctl lr-nat-add lr1 snat 172.168.0.100 10.0.0.0/24 > > +ovn-nbctl lr-nat-add lr1 snat 2000::1 1000::/64 > > + > > +dp_uuid=$(ovn-sbctl find datapath_binding | grep sw0 -B2 | grep _uuid | \ > > +awk '{print $3}') > > +ovn-sbctl create MAC_Binding ip=172.168.0.3 datapath=$dp_uuid \ > > +logical_port=lr1-public mac="00\:00\:00\:12\:af\:11" > > + > > +# Try different gateway mtus and send a 142-byte packet (corresponding > > +# to a 124-byte MTU). If the MTU is less than 124, ovn-controller > > +# should send icmp host not reachable with pmtu set to $mtu. > > +for mtu in 100 500 118; do > > + AS_BOX([testing gw mtu $mtu]) > > + check ovn-nbctl --wait=hv set logical_router_port lr1-public options:gateway_mtu=$mtu > > + ovn-sbctl dump-flows > sbflows-gw-$mtu > > + AT_CAPTURE_FILE([sbflows-gw-$mtu]) > > + > > + OVS_WAIT_FOR_OUTPUT([ > > + as hv1 ovs-ofctl dump-flows br-int > br-int-gw-flows-$mtu > > + AT_CAPTURE_FILE([br-int-gw-flows-$mtu]) > > + grep "check_pkt_larger($(expr $mtu + 18))" br-int-gw-flows-$mtu | wc -l], [0], [1 > > +]) > > + > > + AS_BOX([testing gw mtu $mtu - IPv4]) > > + test_ip_packet_larger $mtu > > + > > + AS_BOX([testing gw mtu $mtu - IPv6]) > > + test_ip6_packet_larger $mtu > > +done > > + > > OVN_CLEANUP([hv1]) > > AT_CLEANUP > > ]) > > -- > > 2.31.1 > > > > _______________________________________________ > > dev mailing list > > dev@openvswitch.org > > https://mail.openvswitch.org/mailman/listinfo/ovs-dev > > >
diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index 512ec4a32..23367dbb0 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -10534,17 +10534,30 @@ build_check_pkt_len_flows_for_lrouter( struct hmap *ports, struct ds *match, struct ds *actions) { - if (od->nbr) { + if (!od->nbr) { + return; + } - /* Packets are allowed by default. */ - ovn_lflow_add(lflows, od, S_ROUTER_IN_CHK_PKT_LEN, 0, "1", - "next;"); - ovn_lflow_add(lflows, od, S_ROUTER_IN_LARGER_PKTS, 0, "1", - "next;"); + /* Packets are allowed by default. */ + ovn_lflow_add(lflows, od, S_ROUTER_IN_CHK_PKT_LEN, 0, "1", + "next;"); + ovn_lflow_add(lflows, od, S_ROUTER_IN_LARGER_PKTS, 0, "1", + "next;"); - if (od->l3dgw_port && od->l3redirect_port) { - build_check_pkt_len_flows_for_lrp(od->l3dgw_port, lflows, - ports, match, actions); + if (od->l3dgw_port && od->l3redirect_port) { + /* gw router port */ + build_check_pkt_len_flows_for_lrp(od->l3dgw_port, lflows, + ports, match, actions); + } else if (smap_get(&od->nbr->options, "chassis")) { + for (size_t i = 0; i < od->nbr->n_ports; i++) { + /* gw router */ + struct ovn_port *rp = ovn_port_find(ports, + od->nbr->ports[i]->name); + if (!rp) { + continue; + } + build_check_pkt_len_flows_for_lrp(rp, lflows, ports, match, + actions); } } } diff --git a/tests/ovn.at b/tests/ovn.at index 11a85c457..5c3ed2633 100644 --- a/tests/ovn.at +++ b/tests/ovn.at @@ -16408,6 +16408,53 @@ for mtu in 100 500 118; do test_ip6_packet_larger $mtu done +ovn-nbctl lsp-del sw0-lr0 + +ovn-nbctl lr-del lr0 +ovn-nbctl create Logical_Router name=lr1 options:chassis="hv1" +ovn-nbctl lrp-add lr1 lr1-sw0 00:00:00:00:ff:01 10.0.0.1/24 1000::1/64 +ovn-nbctl lsp-add sw0 sw0-lr1 +ovn-nbctl lsp-set-type sw0-lr1 router +ovn-nbctl lsp-set-addresses sw0-lr1 router +ovn-nbctl lsp-set-options sw0-lr1 router-port=lr1-sw0 + +ovn-nbctl lrp-add lr1 lr1-public 00:00:20:20:12:13 172.168.0.100/24 2000::1/64 +ovn-nbctl lsp-del public-lr0 +ovn-nbctl lsp-add public public-lr1 +ovn-nbctl lsp-set-type public-lr1 router +ovn-nbctl lsp-set-addresses public-lr1 router +ovn-nbctl lsp-set-options public-lr1 router-port=lr1-public + +ovn-nbctl lr-nat-add lr1 snat 172.168.0.100 10.0.0.0/24 +ovn-nbctl lr-nat-add lr1 snat 2000::1 1000::/64 + +dp_uuid=$(ovn-sbctl find datapath_binding | grep sw0 -B2 | grep _uuid | \ +awk '{print $3}') +ovn-sbctl create MAC_Binding ip=172.168.0.3 datapath=$dp_uuid \ +logical_port=lr1-public mac="00\:00\:00\:12\:af\:11" + +# Try different gateway mtus and send a 142-byte packet (corresponding +# to a 124-byte MTU). If the MTU is less than 124, ovn-controller +# should send icmp host not reachable with pmtu set to $mtu. +for mtu in 100 500 118; do + AS_BOX([testing gw mtu $mtu]) + check ovn-nbctl --wait=hv set logical_router_port lr1-public options:gateway_mtu=$mtu + ovn-sbctl dump-flows > sbflows-gw-$mtu + AT_CAPTURE_FILE([sbflows-gw-$mtu]) + + OVS_WAIT_FOR_OUTPUT([ + as hv1 ovs-ofctl dump-flows br-int > br-int-gw-flows-$mtu + AT_CAPTURE_FILE([br-int-gw-flows-$mtu]) + grep "check_pkt_larger($(expr $mtu + 18))" br-int-gw-flows-$mtu | wc -l], [0], [1 +]) + + AS_BOX([testing gw mtu $mtu - IPv4]) + test_ip_packet_larger $mtu + + AS_BOX([testing gw mtu $mtu - IPv6]) + test_ip6_packet_larger $mtu +done + OVN_CLEANUP([hv1]) AT_CLEANUP ])
As it is already done for distributed gw router scenario, introduce check_pkt_larger logical flows for gw router use case. Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com> --- northd/ovn-northd.c | 31 +++++++++++++++++++++--------- tests/ovn.at | 47 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 69 insertions(+), 9 deletions(-)